smolnar82 commented on a change in pull request #404:
URL: https://github.com/apache/knox/pull/404#discussion_r584363952
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
}
- public String getWireToken(ServletRequest request) {
- final String header = ((HttpServletRequest)
request).getHeader("Authorization");
- if (header != null && header.startsWith(BEARER)) {
- // what follows the bearer designator should be the JWT token being used
to request or as an access token
- return header.substring(BEARER.length());
- } else {
- // check for query param
- return request.getParameter(paramName);
- }
+ public String getWireToken(final ServletRequest request) {
+ String token = null;
+ final String header =
((HttpServletRequest)request).getHeader("Authorization");
+ if (header != null) {
+ if (header.startsWith("Bearer ")) {
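Review bot: header.startsWith("Bearer ") in the new getWireToken matches the scheme case-sensitively, so an Authorization header sent as "bearer <token>" yields no token from this branch, although HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1). Consider header.regionMatches(true, 0, BEARER, 0, BEARER.length()), which also keeps the prefix in the BEARER constant that the removed code used.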
Review comment:
Please use the BEARER constant.
##########
File path:
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -104,15 +112,36 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
}
- public String getWireToken(ServletRequest request) {
- final String header = ((HttpServletRequest)
request).getHeader("Authorization");
- if (header != null && header.startsWith(BEARER)) {
- // what follows the bearer designator should be the JWT token being used
to request or as an access token
- return header.substring(BEARER.length());
- } else {
- // check for query param
- return request.getParameter(paramName);
- }
+ public String getWireToken(final ServletRequest request) {
+ String token = null;
+ final String header =
((HttpServletRequest)request).getHeader("Authorization");
+ if (header != null) {
+ if (header.startsWith("Bearer ")) {
+ // what follows the bearer designator should be the JWT token
being used
+ // to request or as an access token
+ token = header.substring(BEARER.length());
+ }
+ else if
(header.toLowerCase(Locale.ROOT).startsWith("Basic".toLowerCase(Locale.ROOT))) {
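Review bot: the Bearer branch tests the literal "Bearer " but cuts the token with header.substring(BEARER.length()), so the check and the offset only agree while the literal and the constant have the same length; use BEARER for both. In the else-if, "Basic".toLowerCase(Locale.ROOT) lowercases a literal on every request, and the prefix has no trailing space, so any scheme name that merely begins with "basic" also enters this branch. This branch is also case-insensitive while the Bearer check is not; the two should follow the same matching rule.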
Review comment:
Please use the BASIC constant.